This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:APACHE:LDAPFS
|
Severity |
Minor
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Apache auth_ldap Username Format String
|
Release Date |
2009/04/27
|
Update Number |
1419
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Apache auth_ldap Username Format String
This signature detects attempts to exploit a known vulnerability against Apache. Attackers can cause a denial-of-service attack or execute arbitrary code.
Extended Description
The Apache Software Foundation has released version 2.0.46, which addresses a vulnerability in the web server. This is due to a potential memory management issue in the apr_psprintf() Apache Portable Runtime (APR) library. Exploitation could occur through mod_dav or other components. It has also been conjectured that exploitation could allow for execution of arbitrary code. Further details regarding this issue are pending from the vendor.
Affected Products
- Apache_software_foundation apache 1.3.0
- Apache_software_foundation apache 1.3.1
- Apache_software_foundation apache 1.3.11
- Apache_software_foundation apache 1.3.12
- Apache_software_foundation apache 1.3.13
- Apache_software_foundation apache 1.3.14
- Apache_software_foundation apache 1.3.14 Mac
- Apache_software_foundation apache 1.3.15
- Apache_software_foundation apache 1.3.16
- Apache_software_foundation apache 1.3.17
- Apache_software_foundation apache 1.3.18
- Apache_software_foundation apache 1.3.19
- Apache_software_foundation apache 1.3.20
- Apache_software_foundation apache 1.3.22
- Apache_software_foundation apache 1.3.23
- Apache_software_foundation apache 1.3.24
- Apache_software_foundation apache 1.3.25
- Apache_software_foundation apache 1.3.26
- Apache_software_foundation apache 1.3.27
- Apache_software_foundation apache 1.3.3
- Apache_software_foundation apache 1.3.4
- Apache_software_foundation apache 1.3.6
- Apache_software_foundation apache 1.3.7 -Dev
- Apache_software_foundation apache 1.3.9
- Apache_software_foundation apache 2.0.0
- Apache_software_foundation apache 2.0.0 A9
- Apache_software_foundation apache 2.0.28
- Apache_software_foundation apache 2.0.28 Beta
- Apache_software_foundation apache 2.0.28 -BETA
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 2.0.32 -BETA
- Apache_software_foundation apache 2.0.34 -BETA
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 2.0.40
- Apache_software_foundation apache 2.0.41
- Apache_software_foundation apache 2.0.42
- Apache_software_foundation apache 2.0.43
- Apache_software_foundation apache 2.0.44
- Apache_software_foundation apache 2.0.45
- Hp apache-based_web_server 1.3.27 .00
- Hp apache-based_web_server 1.3.27 .01
- Hp apache-based_web_server 1.3.27 .02
- Hp apache-based_web_server 2.0.43 .00
- Hp apache-based_web_server 2.0.43 .04
- Hp hp-ux_apache-based_web_server 1.0.0 .01
- Hp hp-ux_apache-based_web_server 1.0.0 .02.01
- Hp hp-ux_apache-based_web_server 1.0.0 .03.01
- Hp hp-ux_apache-based_web_server 1.0.0 .04.01
- Hp hp-ux_apache-based_web_server 1.0.0 .05.01
- Hp hp-ux_apache-based_web_server 1.0.1 .01
- Red_hat httpd-2.0.40-21.i386.rpm
- Red_hat httpd-2.0.40-8.i386.rpm
- Red_hat httpd-devel-2.0.40-21.i386.rpm
- Red_hat httpd-devel-2.0.40-8.i386.rpm
- Red_hat httpd-manual-2.0.40-21.i386.rpm
- Red_hat httpd-manual-2.0.40-8.i386.rpm
- Red_hat mod_ssl-2.0.40-21.i386.rpm
- Red_hat mod_ssl-2.0.40-8.i386.rpm
References